Manage users and groups in Helix Core Server
To create Helix DAM users, see Create users.
To perform these tasks on the Helix Core Server side, see the following sections in the Helix Core Server Administrator Guide:
- Managing users for information on user types, adding new licensed users, and renaming users
- Authorizing access for information on the protections table and setting permission levels for users
- Granting access to groups of users for information on creating and editing groups
In Helix Core Server, do not alter or edit groups with a name following any of these conventions in any way:
HTH-//<depot-path>/<repo-path>-<HTH_ACCESS_LEVEL>
HTH-<depotname>-<hth_access_level>
HTH-<company-admin>
Mapping of TeamHub roles to graph depot permissions
In Helix Core Server, you grant permissions to users or groups. In TeamHub, you assign roles. The following table indicates how each TeamHub role is mapped to specific graph depot permissions in Helix Core Server.
TeamHub Role | Graph Depot Permission |
---|---|
Admin |
|
Manager |
|
Master |
|
Developer |
|
Guest |
|
For more information on Helix Core Server permissions, see the p4 grant-permission
command in the Helix Core Command-Line (P4) Reference.
For more information on TeamHub roles, see the Roles chapter in the Helix TeamHub Help.
Enable synchronization of Helix users in Helix DAM
To automatically give all Helix Core Server users access to Helix DAM, select the check box. To do this, either go to the Helix TeamHub admin UI under Preferences > Helix Core Server > Account and group synchronization, or configure it in the /var/opt/hth/shared/hth.json
configuration file.
When the Enable synchronization of Helix users in Helix DAM check box is selected:
-
You cannot give non-Helix Core users access to Helix DAM.
-
You cannot create or deactivate a user manually.
If you do not have enough Helix DAM licenses for all your Helix Core Server users, or if you want to exclude users and groups from accessing Helix DAM, see Including and excluding of Helix Core Server users and groups.
A license is allocated to the p4search-user. To exclude the p4search-user from taking a license, see Including and excluding of Helix Core Server users and groups.
Including and excluding of Helix Core Server users and groups
You may want to include users or groups, or one or more users in a group, that exist in Helix Core Server to be available in Helix DAM, or exclude them from being displayed. To do this, configure the respective keys, either in the TeamHub admin UI under Preferences > Helix Core Server > Account and group synchronization, or in the /var/opt/hth/shared/hth.json
configuration file. For details on these keys, see Section: pilsner in the TeamHub configuration section.
- TeamHub bots are created as users on the Helix Core Server.
- The include/exclude configuration applies to bots in the same way as it does for other users.
-
Add the users to the appropriate groups before updating the include/exclude configuration.
- Update the include/exclude configuration before managing users, bots , and groups in the TeamHub admin UI.
When synchronizing users, TeamHub proceeds in the following order. TeamHub:
- Includes direct users and bots
- Adds users and bots from groups
- Excludes users and bots from groups
- Excludes direct users and bots
When synchronizing groups, TeamHub first includes groups and then extracts any groups that are marked as excluded in the configuration.
To include or exclude Helix Core Server users or groups:
-
In the Preferences view, under Account and group synchronization, enter the name of users or groups as needed.
For example:
To include the users called user1 and user2, enter the following in the Include users field: ^(user1|user2)$
To include users from a group called perforce-group, enter the following in the Include users from groups field: ^perforce-group$
For details and more examples, see Section: pilsner.
-
Click Save preferences.
A warning appears because the changes have not been applied to the TeamHub server yet. Perform the following step to finalize the configuration.
-
To apply server configuration changes to the TeamHub server, connect to the server via SSH and run the following command:
sudo hth-ctl reconfigure
-
After successfully running the reconfigure command, reload the TeamHub admin portal.
WarningFailure to do so may result in normal web server interruption messages, such as the HTTP Error 503. The service is unavailable. error, because the services come back online.
JSON configuration examples
This section includes examples of how to exclude groups and users by editing the pilsner key in the /var/opt/hth/shared/hth.json
file. Including or excluding users, users from groups, and groups works exactly the same way, so you can apply the following examples to all cases.
To exclude all groups starting with external- or test- or ending with test:
^(external-|test-).*, test$
To exclude user1 and user2, and any user starting or ending with test:
^(user1|user2)$, test$, ^test
Following is a code snippet from the hth.json file with these values included under the "pilsner" key:
"helix_users_include_regex": "", "helix_users_exclude_regex": "^(user1|user2)$, test$, ^test", "helix_users_from_groups_include_regex": "", "helix_users_from_groups_exclude_regex": "", "helix_groups_include_regex": "", "helix_groups_exclude_regex": "^(external-|test-).*, test$"